package com.example.common.security.expression;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.stereotype.Component;

/**
 * @program: springsecurity-study
 * @description: 权限表达式接口实现
 * @author: ChenZhiXiang
 * @create: 2019-08-01 16:20
 **/
@Component
@Order(Integer.MIN_VALUE)
public class MyAuthorizeConfigProvider implements AuthorizeConfigProvider {

    @Value("${login.page}")
    private String loginPage;

    @Override
    public void config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config) {
        config.antMatchers(
                "/authentication/require",
                            loginPage,
                            "/images/captcha",
                            "/session/invalid",
                            "/favicon.ico").permitAll();
//                .antMatchers("/add").hasRole("ADMIN");
    }
}
